Module 1: Introduction to Active Directory in Windows 2000


Contents
Overview
Multimedia: Concepts of Active Directory in Windows 2000
Introduction to Active Directory
Active Directory Logical Structure
Active Directory Physical Structure
Methods for Administering a Windows 2000 Network
Review

Module 1: Introduction to Active Directory in Windows 2000

Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any

Online Support: David Myka (S&T Consulting)
Multimedia Development: Kelly Renner (Entex)
Courseware Testing: Data Dimensions, Inc.
Production Support: Irene Barnett (S&T Consulting)
Manufacturing Manager: Rick Terek
Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Managers: Gerry Lang, Julie Truax
Group Product Manager: Robert Stewart

Instructor Notes
This module provides students with an introduction to implementing and
administering Microsoft® Windows® 2000 Active Directory directory
services. The module provides a foundation for the course by introducing the
concepts of the Active Directory directory service and its logical and physical
structures. This module also provides an overview of how Active Directory
enables the centralized management and decentralized administration of a
Windows 2000 network.
At the end of this module, students will be able to:
!

• Study the review questions and prepare alternative answers to discuss.
• Anticipate questions that students may ask. Write out the questions and
  provide the answers.
• Read the white paper, Active Directory Architecture, on the Student
  Materials compact disc.

Presentation: 60 Minutes
Labs: 00 Minutes

Module Strategy
Use the following strategies to present this module:
• Introduction to Active Directory
  In this topic, you will introduce Windows 2000 Active Directory. Begin by
  illustrating to students the purpose of Active Directory as a network
  directory service. Explain the purpose of Active Directory objects and their
  attributes. Discuss the Active Directory schema and emphasize how
  Lightweight Directory Access Protocol (LDAP) is used to communicate
  with Active Directory.
• Active Directory Logical Structure
  In this topic, you will introduce the logical structure of Active Directory.
  Begin by illustrating the purpose of domains in Active Directory. Explain
  how organizational units (OUs) can be used to group objects into a logical

• Active Directory Physical Structure
• Methods for Administering a Windows 2000 Network

In a Microsoft® Windows® 2000 network, the Active Directory directory
service provides the structure and functions for organizing, managing, and
controlling network resources. To implement and administer a Windows 2000
network, you must understand the purpose and structure of Active Directory.
Active Directory also provides the capability to centrally manage your
Windows 2000 network. This capability means that you can centrally store
information about the enterprise and administrators can manage the network
from a single location. Active Directory supports the delegation of
administrative control over Active Directory objects. This delegation enables
administrators to assign specific administrative permissions for objects, such as
user or computer accounts, to other users and administrators.
At the end of this module, you will be able to:
• Describe the function of Active Directory.
• Describe the logical structure of Active Directory.
• Describe the physical structure of Active Directory.
!

presentation that introduces the important concepts of Active Directory.
Start this presentation from the instructor computer. To view the
presentation, open the Web page on the Trainer Materials compact disc, click
Multimedia Presentations, and then click the title of the presentation.

The estimated time to complete this presentation is seven minutes.

Tell students that a copy of the presentation is included on the Student
Materials compact disc.

Introduction to Active Directory

Resources
• Organize
• Manage
• Control

Centralized Management
• Single point of administration
• Full user access to directory resources by a single logon

Active Directory is the directory service in a Windows 2000 network. A

information about resources in a Windows 2000 network and makes the
resources accessible to users and applications.

Key Points
Active Directory provides directory service functionality, including a means
of centrally organizing, managing, and controlling access to network
resources.

Active Directory enables administrators to manage distributed desktops,
network services, and applications from a central location while using a
consistent management interface.

Active Directory Objects
• Objects Represent Network Resources
• Attributes Store Information About an Object

[Slide illustration labels: Value; Objects; Printers; Users; Printer3]

Active Directory stores information about network objects. Active Directory
objects represent network resources, such as users, groups, computers, and
printers. Moreover, all servers, domains, and sites in the network are also
represented as objects. Because Active Directory represents all network
resources as objects in a distributed database, a single administrator can
centrally manage and administer these resources.
When you create an object, the properties, or attributes of that object store the
information that describes the object. Users can locate objects throughout
Active Directory by searching for specific attributes. For example, a user can
locate a printer in a specific building by searching the Location attribute of the
printer object class.
Slide Objective
To identify the purpose of Active Directory objects.
Lead-in
Active Directory objects represent network resources, such as users,
groups, computers, and

List of Attributes (attribute examples): accountExpires, department,
distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom,
repsTo, middleName

Can use discretionary access control lists (DACLs) to protect all object
classes and attributes. The use of DACLs allows only authorized users to
make schema changes.

Slide Objective
To identify the purpose of the schema in Active Directory.
Lead-in
The Active Directory schema defines all Active Directory objects.

Lightweight Directory Access Protocol (LDAP)
• LDAP Provides a Way to Communicate with Active Directory by Specifying
  Unique Naming Paths for Each Object in the Directory
• LDAP Naming Paths Include:
  ◦ Distinguished names
  ◦ Relative distinguished names

CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft
Suzan Fine
Lead-in
LDAP is the protocol that is used for accessing Active Directory.
Use the illustration on the slide to explain to the class the concepts of
distinguished and relative distinguished names.

Relative Distinguished Name
The LDAP relative distinguished name is the portion of the LDAP
distinguished name that uniquely identifies the object in its container. Its
composition varies depending upon the extent of the existing search context
established by the client. The search context may vary from the domain
component level to the common name level. In the preceding example, the
relative distinguished name of the Suzan Fine user object is Suzan Fine.
The following table provides examples of distinguished names, the search
context established by the client, and relative distinguished names.
Distinguished name                                      Relative distinguished name
------------------------------------------------------  ---------------------------
OU=Sales,DC=contoso,DC=msft                             OU=Sales
CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft               CN=Suzan Fine
CN=Judy Lew,OU=Shipping,DC=europe,DC=contoso,DC=msft    CN=Judy Lew

